I expected this post would be about manufacturing files that are both a valid PNG and a valid ELF. I’m disappointed.
See Ange Albertini’s work on Proof of Concept || GTFO and his Funky File Formats talk:
I appreciate the examination of not just the author’s approach, but also PICO-8. I find this interesting because it is along the same lines as my executable PNG research, but with totally different end goals.
For PNG in particular, the design of the file format includes extensibility by allowing tool authors to insert brand-new ad-hoc chunk types into existing files. My tool inserts a custom zaHa PNG chunk into each file; the pixel data is generated by standard Graphviz tools. This eases data retrieval and allows the executable PNG to generally survive handling by Web browsers and other tools even if pixel data is transformed. This isn’t the way that things must be done, and steganography is an excellent traditional technique, but I intentionally chose PNG for its extensibility.
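The chunk extensibility described in the comment above cuts both ways: a private ancillary chunk survives browsers and image tools, which is exactly why a file scanner should enumerate every chunk rather than trust that a PNG is "just pixels". The following is an added example, not the commenter's tool or the zaHa format; it builds a minimal grayscale PNG, inserts a constructed private chunk (the type name `exAm` is an assumption chosen here), and then audits the file the way a defender would: listing chunk types, decoding the ancillary/private/safe-to-copy bits from the type name, verifying each CRC, and reporting any bytes trailing after IEND.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG specification (critical plus standard ancillary).
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND",
    b"cHRM", b"gAMA", b"iCCP", b"sBIT", b"sRGB", b"bKGD", b"hIST",
    b"tRNS", b"pHYs", b"sPLT", b"tIME", b"iTXt", b"tEXt", b"zTXt",
}


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, extra_chunks=()) -> bytes:
    """Build a minimal 8-bit grayscale PNG; extra (type, data) chunks go right after IHDR."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # Each scanline is a filter byte (0 = none) followed by `width` gray pixels.
    raw = b"".join(b"\x00" + bytes([0x80] * width) for _ in range(height))
    out = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        out += make_chunk(ctype, data)
    out += make_chunk(b"IDAT", zlib.compress(raw))
    out += make_chunk(b"IEND", b"")
    return out


def parse_chunks(png: bytes):
    """Yield (type, data, crc_ok) for each chunk up to IEND; raise on a truncated file."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        crc_bytes = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk body")
        (crc,) = struct.unpack(">I", crc_bytes)
        crc_ok = crc == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        yield ctype, data, crc_ok
        pos += 12 + length
        if ctype == b"IEND":
            break


def chunk_flags(ctype: bytes) -> dict:
    """Decode the property bits the spec encodes in the case of each type letter."""
    return {
        "ancillary": bool(ctype[0] & 0x20),     # lowercase 1st letter: decoder may ignore
        "private": bool(ctype[1] & 0x20),       # lowercase 2nd letter: not a public chunk
        "safe_to_copy": bool(ctype[3] & 0x20),  # lowercase 4th letter: editors should keep it
    }


def audit_png(png: bytes) -> dict:
    """Summarize what a defender wants to know: non-standard chunks, bad CRCs, trailing data."""
    report = {"chunks": [], "nonstandard": [], "bad_crc": [], "trailing_bytes": 0}
    consumed = len(PNG_SIGNATURE)
    for ctype, data, crc_ok in parse_chunks(png):
        consumed += 12 + len(data)
        name = ctype.decode("latin-1")
        report["chunks"].append(name)
        if not crc_ok:
            report["bad_crc"].append(name)
        if ctype not in STANDARD_CHUNKS:
            report["nonstandard"].append({"type": name, "size": len(data), **chunk_flags(ctype)})
    # Anything after IEND is ignored by decoders but still travels with the file.
    report["trailing_bytes"] = len(png) - consumed
    return report


if __name__ == "__main__":
    # Constructed sample: a 4x2 image carrying one private ancillary chunk.
    sample = make_png(4, 2, extra_chunks=[(b"exAm", b"hello")])
    print(audit_png(sample))
```

The audit deliberately does not try to interpret the payload of an unknown chunk; the useful signals for triage are that a private chunk exists at all, its size relative to the image data, whether its CRC is intact (a tool that rewrote the file would recompute it), and whether anything sits past IEND.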